We study the fundamental limits of multi-server secure aggregation over a two-hop network where multiple servers, each connected to a disjoint subset of users, jointly compute the sum of all users' inputs. The goal is to ensure that no server can infer any information about prescribed subsets of inputs beyond the desired aggregate, even when colluding with an arbitrary subset of users. Existing works largely focus on homogeneous security requirements, where all inputs are protected against colluding sets up to a given size. Such formulations are insufficient to capture more general scenarios in which different subsets of inputs may require protection against different collusion patterns. In this paper, we consider a general model with heterogeneous security requirements and arbitrary user collusion. We characterize the communication rates for all parameter regimes, and determine the minimum key rate required for secure aggregation in most regimes. In particular, we establish tight information-theoretic lower bounds and matching achievable schemes in a broad class of regimes. For the remaining regime, we derive a general lower bound together with an achievable scheme that attains it within a bounded gap. Our results reveal how the interplay between network topology and heterogeneous security constraints fundamentally determines the communication and key generation requirements, and generalize existing results on secure aggregation.

翻译：我们研究两跳网络中多服务器安全聚合的基本极限问题。在该网络中，多个服务器分别连接至互不相交的用户子集，共同计算所有用户输入的累加和。目标是确保即使服务器与任意用户子集串谋，任何服务器也无法推断出除目标聚合结果之外的任何指定输入子集信息。现有工作主要关注同构安全需求，即所有输入均需防范不超过给定规模的串谋集合。这种形式化方法无法刻画更通用的场景——不同输入子集可能需要针对不同串谋模式提供保护。本文考虑具有异构安全需求与任意用户串谋的通用模型，刻画了所有参数区间的通信速率，并确定了多数区间内安全聚合所需的最小密钥速率。特别地，我们在一大类参数区间建立了严格的信息论下界与匹配的可达方案；针对剩余参数区间，我们推导出通用下界，并给出了能在有界间隙内逼近该下界的可达方案。研究结果揭示了网络拓扑结构与异构安全约束之间的相互作用如何从根本上决定通信与密钥生成需求，并推广了现有安全聚合的相关结论。